Automate - Configure Azure AD Authentication

 

The material in this document is for informational purposes only. This guide assumes that the most recent version of Rampiva Automate is in use unless otherwise noted in the prerequisites. The products it describes are subject to change without prior notice, due to the manufacturer’s continuous development program. Rampiva makes no representations or warranties with respect to this document or with respect to the products described herein. Rampiva shall not be liable for any damages, losses, costs or expenses, direct, indirect or incidental, consequential or special, arising out of, or related to the use of this material or the products described herein.

Introduction

This document outlines the process to configure Rampiva Automate for Azure AD authentication.

Prerequisites 


Instructions

A. Configure Azure Active Directory

1

Log in to the Microsoft Azure Portal: https://portal.azure.com/

Open the Azure Active Directory resource.

Select the App registrations panel.

 

 

2

From the menu bar, select New registration.

 

3

Name the application Rampiva Automate.

Set Supported account types to Accounts in this organizational directory only.

Set the Redirect URI to https://scheduler.example.com/api/v1/users/oidcResponse, where scheduler.example.com corresponds to the server name or IP address on which Rampiva Automate is deployed.

 

 

4

Click Register to register the app and take note of the Application (client) ID from the Overview pane.

 

5

Open the Certificates & secrets pane.

 

 

6

Create a New client secret.

Set the secret description to Rampiva Scheduler and set the expiration to Never.

 

7

Take note of the client secret value before you move to the next page.

You will not be able to retrieve the Client Secret value again. Be sure to securely document the Client Secret. The client secret will be used later in this guide.

 

8

Open the API permissions pane.

Add a permission from the Microsoft Graph.

Select Delegated permissions.

 

9

Search for and select the permission Directory.AccessAsUser.All and add the permission.

 

10

Add another permission from the Delegated permissions section of Microsoft Graph.

Search for and select the permission User.ReadBasic.All and add the permission.

 

11

Grant admin consent for your domain.

 

 

 

12

Navigate to the Rampiva Automate Overview page.

Take note of the (client) ID listed.

B. Configure Rampiva Automate

1

Click Add + OIDC Authentication Service.

2

Name the service and enter the Tenant, Client ID, and Client Secret obtained in Section A, Configure Azure Active Directory.

Use the value https://login.microsoftonline.com/ for the Authority input.

 

3

Click Add Service to add the Microsoft Azure AD Authentication method.

4

Update any Security Policies that will use the new login type to include the Principal type desired.

Options include:

  • Azure Username

  • Azure Group ID

5

Browse to your Rampiva Automate instance in your preferred web browser.

An option to Sign in with Microsoft should now be available.

Sign in with an Azure AD account that also has provisioned Security Policy permissions.
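A pre-flight check for the values collected in Section A before they are entered in Section B, step 2. This is an added example, not part of the original guide and not Rampiva code. The function names, the accepted Tenant formats and the v2.0 metadata URL are assumptions, and the sample identifiers are constructed.

```python
import re
from urllib.parse import urlsplit

GUID = re.compile(r"^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$")
DNS_NAME = re.compile(r"^([A-Za-z0-9-]{1,63}\.)+[A-Za-z]{2,}$")
AUTHORITY = "https://login.microsoftonline.com/"   # value given in Section B, step 2
CALLBACK_PATH = "/api/v1/users/oidcResponse"       # path given in Section A, step 3

def check_oidc_settings(authority, tenant, client_id, client_secret, redirect_uri):
    """Return a list of problems found in the values; an empty list means none."""
    problems = []
    if authority.rstrip("/") + "/" != AUTHORITY:
        problems.append("authority is not " + AUTHORITY)
    # Assumption: the Tenant field takes the directory GUID or a verified domain.
    if not (GUID.match(tenant) or DNS_NAME.match(tenant)):
        problems.append("tenant is neither a GUID nor a domain name")
    if not GUID.match(client_id):
        problems.append("client ID is not a GUID")
    # Heuristic: the portal lists a GUID "Secret ID" next to the secret "Value";
    # only the Value authenticates, so a GUID here usually means the wrong column.
    if GUID.match(client_secret):
        problems.append("client secret looks like the Secret ID, not the Value")
    uri = urlsplit(redirect_uri)
    if uri.scheme != "https":
        problems.append("redirect URI does not use https")
    if not uri.hostname:
        problems.append("redirect URI has no host")
    if uri.path != CALLBACK_PATH:   # compared case-sensitively, exactly as registered
        problems.append("redirect URI path is not " + CALLBACK_PATH)
    if uri.query or uri.fragment:
        problems.append("redirect URI has a query or fragment the guide does not use")
    return problems

def discovery_url(tenant):
    """Standard Microsoft identity platform v2.0 metadata URL for the tenant."""
    return f"{AUTHORITY}{tenant}/v2.0/.well-known/openid-configuration"

if __name__ == "__main__":
    # Constructed sample values, not real identifiers.
    sample = dict(
        authority="https://login.microsoftonline.com/",
        tenant="11111111-2222-3333-4444-555555555555",
        client_id="aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee",
        client_secret="constructed-secret-value",
        redirect_uri="https://scheduler.example.com/api/v1/users/oidcResponse",
    )
    print(check_oidc_settings(**sample) or "no problems found")
    print(discovery_url(sample["tenant"]))
```

Opening the URL returned by discovery_url in a browser shows whether the tenant value resolves to a directory before the first sign-in attempt.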